Marriott discloses second data breach in two years

Hotel operator Marriott International has disclosed its second data breach in less than two years, this time impacting  about 5.2 million guests.

It said the breached information, including contact details, loyalty account information and additional personal details such as gender and birthdays, may have been accessed using the login credentials of two employees at a franchise property.

The company also said information such as account passwords, payment card information and passport information were not a part of the breach.

Marriott said it was currently investigating the incident, which it believed started in mid-January and was identified around February end.

In November 2018, Marriott said its Starwood guest reservation database was breached, potentially exposing information on about 500 million guests.

LogRhythm Labs senior director Andrew Hollister said in a statement that while this was Marriott's second breach in fairly short succession, such businesses would always be attractive targets.

Hollister also said that Marriott's detection capabilities had also clearly improved. 

"In the previous incident in 2018, Marriott detected signs of unauthorised activity going back four years," Hollister said.

"In this new case, the activity appears to have begun in January 2020 and been detected during the course of February 2020.

"This is a significant improvement in time to detect and respond to a data breach.

"Whilst a significant number of records has been breached, the reduced time to detect has no doubt contributed to the number being substantially lower than on the previous occasion."

Additional information added by iTnews